Submission Details
Severity: high
Invalid

Locked ETH in WhitelistFacet.sol

Summary

This report identifies a potential issue in WhitelistFacet.sol that could lead to locked ETH within the contract. Several functions within the contract are marked as payable even though they don't process ETH payments directly.

Vulnerability Details

Several functions in the WhitelistFacet contract are designed for managing the Silo whitelist and associated token settings. These functions include:

dewhitelistToken
whitelistToken
whitelistTokenWithEncodeType
whitelistTokenWithExternalImplementation
updateStalkPerBdvPerSeasonForToken
updateGaugeForToken
updateOracleImplementationForToken
updateLiqudityWeightImplementationForToken
updateGaugePointImplementationForToken

While these functions manage token whitelisting and settings, they don't directly handle or utilize ETH payments. However, all these functions are marked as payable.

If a user accidentally or intentionally sends ETH when calling any of these functions, the sent ETH could be locked in the contract.

Impact

Loss of funds: Any ETH accidentally or intentionally sent through the listed functions will be locked in the contract and inaccessible.

Tools Used

Manual code review

Recommendations

Consider removing the payable modifier from all the functions listed above. These functions currently do not handle ETH payments, and making them non-payable will cause any call that carries ETH to revert instead of leaving the ETH locked in the contract.

For any future functionality within these functions that might require ETH payments for specific purposes, implement a secure mechanism to handle them. The purpose of the ETH payment should be clearly documented, and the mechanism should ensure the ETH is properly processed and can be withdrawn by authorized users.

Add comments or documentation to each function explaining that sending ETH with the call is not required or has no effect.
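The following Foundry test is an added illustration of the issue described above and of the recommended fix; it is not Beanstalk's code. It uses two hypothetical, simplified stand-ins for WhitelistFacet (one with a payable admin function and no withdrawal path, one without payable) and a constructed token address, and shows that ETH sent with the payable version stays in the contract while the non-payable version rejects it at call time.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import "forge-std/Test.sol";

// Hypothetical, simplified stand-in for WhitelistFacet (not Beanstalk's code):
// the admin function is payable but never reads msg.value, and nothing in the
// contract can send ETH out, so value attached to the call is stuck forever.
contract LockingWhitelist {
    mapping(address => bool) public whitelisted;
    function whitelistToken(address token) external payable {
        whitelisted[token] = true; // msg.value is ignored and never withdrawable
    }
}

// Hardened version: without `payable` the EVM reverts any call carrying value.
contract NonPayableWhitelist {
    mapping(address => bool) public whitelisted;
    function whitelistToken(address token) external {
        whitelisted[token] = true;
    }
}

contract LockedEthTest is Test {
    address constant TOKEN = address(0xBEEF); // constructed sample address

    function testEthIsLockedInPayableVersion() public {
        LockingWhitelist facet = new LockingWhitelist();
        vm.deal(address(this), 1 ether);
        facet.whitelistToken{value: 1 ether}(TOKEN);
        assertTrue(facet.whitelisted(TOKEN));
        // The ETH now sits in the facet; no function exists to move it out.
        assertEq(address(facet).balance, 1 ether);
    }

    function testNonPayableVersionRejectsEth() public {
        NonPayableWhitelist facet = new NonPayableWhitelist();
        vm.deal(address(this), 1 ether);
        // A typed call with {value: ...} would not compile against a non-payable
        // function, so a raw call is used to observe the runtime revert.
        (bool ok, ) = address(facet).call{value: 1 ether}(
            abi.encodeWithSelector(facet.whitelistToken.selector, TOKEN)
        );
        assertFalse(ok);
        assertEq(address(facet).balance, 0);
        facet.whitelistToken(TOKEN); // the same call without value succeeds
        assertTrue(facet.whitelisted(TOKEN));
    }
}
```

Run with `forge test` in a project that has forge-std installed; the first test passes precisely because the ETH is unrecoverable, which is the loss-of-funds condition this report describes.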

Updates

Lead Judging Commences

inallhonesty Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
